search

GoogleCloudPlatform / gke-managed-certs

Managed Certificates for Kubernetes clusters using GCLB
Apache License 2.0
246 stars 32 forks source link

Docker tags for older versions are deleted #30

Closed kribor closed 5 years ago

kribor commented 5 years ago

Hi,

Today I noticed the managed certificate controller in one of our clusters was failing because it couldn't pull v0.3.0. I know it's not the most recent version but I would expect labeled versions to stick around for more than a few months (looks like it's ~4 months old).

Maybe tag retention can be changed so we can keep "released" versions longer? Or if not document how long we can expect tagged versions to stay around?

krzykwas commented 5 years ago

Works for me:

$ docker pull gcr.io/google-containers/managed-certificate-controller:v0.3.0 v0.3.0: Pulling from google-containers/managed-certificate-controller Digest: sha256:01fcd3e1c1ed9e0c8d34abfcf8c7b5761ec8921967c7a9972d2b836ab32daaa1 Status: Downloaded newer image for gcr.io/google-containers/managed-certificate-controller:v0.3.0

If it didn't, existing GKE versions would be broken. I can't influence tag retention on that repo, but I think it should be sufficiently long.

kribor commented 5 years ago

Maybe it was only removed from the EU repo:

docker pull eu.gcr.io/managed-certs-gke/managed-certificate-controller:v0.3.0 v0.3.0: Pulling from managed-certs-gke/managed-certificate-controller d2519f41f710: Already exists 6d47eb7def47: Pulling fs layer ... error pulling image configuration: unknown blob

krzykwas commented 5 years ago

Ok, sorry, here is the explanation:

eu.gcr.io/managed-certs-gke is a development registry and even though it was referenced in the controller manifest, in fact it shouldn't have been. Now I changed it to gcr.io/google-containers which is an official GKE registry, and images there won't disappear. The development registry right now is configured to keep the images for up to 60 days, but the best way forward is to use the official GKE one.

Additionally I updated the Makefile so that if anyone wants, it should now be possible to build the controller image yourself. One of the build steps referenced a google-internal tool used to make sure the code conforms to OSS guidelines, now this step is optional.

These changes come with https://github.com/GoogleCloudPlatform/gke-managed-certs/commit/4c7331de250aeb42ba71638978fb3f7aa2dd268c

kribor commented 5 years ago

Ok, then I get why it disappeared :)